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AMENDMENTS TO THE CLAIMS: 

This listing of claims will replace all prior versions, and listings, of claims in the 
application: 

1 . (CURRENTLY AMENDED) A method in a telecommunication system for 
allowing a SIM-based authentication to users of a wireless local area network who are 
subscribers of a public land mobile network, the method comprising th e st e ps of : 

(a) a wireless terminal accessing the wireless local area network through an 
accessible Access Point; 

(b) discovering an Access Controller interposed between the Access Point and the 
public land mobile network from the wireless terminal; 

(c) carrying out a challenge-response authentication procedure between the wireless 
terminal and the public land mobile network through the Access Controller, the wireless terminal 
provided with a SIM card and adapted for reading data thereof; 

th e m e thod charact e riz e d in that wherein the challenge-response authentication 
submissions in step (c) take place before having provided an IP connectivity to the user, and are 
carried: 

on top of a Point-to-Point layer 2 protocol (PPPoE) between the wireless terminal 
and the Access Controller; and 

on an authentication protocol residing at an application layer between the public 
land mobile network and the Access Controller; and 

the method further comprises a step o f comprising : 
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(d) offering the IP connectivity to the user at the wireless terminal, by sending an 
assigned IP address and other network configuration parameters, once said user has been validly 
authenticated by the public land mobile network. 

2. (CURRENTEY AMENDED) The method in claim 1, wherein the step (b) ef 
discov e ring an Acc e ss Controll e r includes a step of establishing a Point-to-Point Protocol session 
between a Point-to-Point over Ethernet (PPoE) Protocol client in the wireless terminal and a 
Point-to-Point over Ethernet (PPoE) Protocol server in the Access Controller. 

3. (CURRENTLY AMENDED) The method in claim 1, wherein the step (c)-ef 
carrying out th e chall e ng e r e sponse authentication proc e dur e includ e th e st e ps o f includes : 

(cl) sending a user identifier from the wireless terminal to the public land mobile 
network through the Access Controller; 

(c2) receiving an authentication challenge at the wireless terminal from the public land 
mobile network via the Access Controller; 

(c3) deriving encryption key and authentication response at the wireless terminal from 
the received authentication challenge: 

(c4) sending the authentication response from the wireless terminal to the public land 
mobile network through the Access Controller; 

(c5) receiving at the Access Controller an encryption key from the public land mobile 
network; and 

(c6) extracting the encryption key received for further encryption of communication 
path with the wireless terminal. 
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4. (CURRENTLY AMENDED) The method in claim 2, further comprising the step 
oTshifting authentication information received on top of a -the Point-to-Point layer 2 protocol 
upwards to an- the authentication protocol residing at the application layer for submissions 
toward the public land mobile network. 

5. (CURRENTLY AMENDED) The method in claim 4, further comprising the step 
eTshifting authentication information received on an-the authentication protocol residing at the 
application layer downwards on top of a -the Point-to-Point layer 2 protocol for submissions 
toward the wireless terminal. 

6. (CURRENTLY AMENDED) The method in claim 3, further comprising th e st e p 
ef-establishing at the wireless terminal a symmetric encryption path by using the previously 
derived encryption keys at the Access Controller and the wireless terminal. 

7. (CURRENTLY AMENDED) The method in claim 1 , wherein the step (d) ef 
s e nding an IP addr e ss includes a previous step of requesting saeh -the assigned IP address from a 
Dynamic Host Configuration Protocol server. 

8. (CURRENTLY AMENDED) The method in claim 1 , wherein the communication 
between the Access Controller and the public land mobile network goes through an 
Authentication Gateway of said public land mobile network. 
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9. (CURRENTEY AMENDED) The method in claim 1 , wherein the communication 
between the Access Controller and tbe-an Authentication Gateway of a -the public land mobile 
network goes through an Authentication Server of the wireless local area network in charge of 
authenticating local users of said wireless local area network who are not mobile subscribers. 

10. (CURRENTEY AMENDED) The method of claim-4- J, wherein the user 
identifier in step (cl) comprises a Network Access Identifier. 

1 1 . (CURRENTLY AMENDED) The method in claim-4_3, wherein the user identifier 
in step (cl) comprises an International Mobile Subscriber Identity. 

12. (CURRENTLY AMENDED) The method in claim 1, wherein the authentication 
protocol residing at the application layer in step (c) is an Extensible Authentication Protocol. 

13. (CURRENTLY AMENDED) The method in claim 12, wherein dm-the 
Extensible Authentication Protocol is transported over a RADIUS protocol. 

14. (CURRENTLY AMENDED) The method in claim 12, wherein fes-the 
Extensible Authentication Protocol is transported over a Diameter protocol. 

1 5 . (CURRENTLY AMENDED) An Access Controller in a telecommunication 
system that comprises a wireless local area network including at least one Access Point, a public 
land mobile network, and at least one T e rminal Equipm e nt w ireless terminal p rovided with a 
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SIM card and adapted for reading subscriber data thereof, the Access Controlle r characterized in 
that it comprises comprising : 

(a) a Point-to-Point layer 2 protocol (PPPoE) server for communicating with the 

wireless terminal over a PPPoE protocol, and -the PPPoE server being arranged for tunneling the 
^challenge-response authentication procedure; and 

(h) an authentication client p rotocol residing at an OSI application layer for 

communicating with the public land mobile networ k, wherein the authentication client is 
configured to implement an authentication protocol residing at an application layer, 

wherein the Access Controller is configured to send an assigned IP address and other 
network configuration parameters to the wireless terminal to provide IP connectivity after the 
challenge-response authentication procedure is successfully carried out between the wireless 
terminal and the public land mobile network in the telecommunication system . 



16. (CURRENTLY AMENDED) The Access Controller in claim 1 5 furth e r 

comprising T . wherein 

(a) m e an s for s hift i ng th e- w herein the authentication client is configured to shift 

information received on top of the Point-to-Point layer 2 protocol upwards to the authentication 
protocol residing at the application layer; and 

(b) m e ans for s hifting th e w herein the PPPoE server is configured to shift information 

received on the authentication protocol residing at the application layer downwards on top of the 
Point-to-Point layer 2 protocol (PPPoE). 
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17. (CURRENTEY AMENDED) The Access Controller in Claim 1 6 further 
comprising means wherein the Access Controller is adapted for requesting IP address from a 
Dynamic Host Configuration Protocol server, after a user has been successfully authenticated by 
his public land mobile network. 

18. (CURRENTEY AMENDED) An Access Controller according to claim 17^ 
wherein the Access Controller is adapted for communicating with a -the w ireless terminal via an 
Access Point. 

19. (CURRENTLY AMENDED) An Access Controller according to claim 17^ 
wherein the Access Controller is adapted for communicating with a -the p ublic land mobile 
network via an Authentication Gateway. 

20. (CURRENTLY AMENDED) An Aecess Controller according to claim 17^ 
wherein the Access Controller is adapted for communicating with an Authentication Gateway via 
an Authentication Server responsible for authenticating local users of arthe wireless local area 
network. 

2 1 . (CURRENTLY AMENDED) An Access Controller according to claim 1 5 , 
wherein the authentication protocol residing at the application layer is an Extensible 
Authentication Protocol. 
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22. (CURRENTEY AMENDED) The Access Controller in claim 2 1 , wherein this-the 
Extensible Authentication Protocol is transported over a RADIUS protocol. 

23. (CURRENTEY AMENDED) The Access Controller in claim 21, wherein this-the 
Extensible Authentication Protocol is transported over a Diameter protocol. 

24. (CURRENTEY AMENDED) A wireless terminal capable of carrying out a 
challenge-response authentication procedure, the wireless terminal comprising functionally for 
acting as a client configured to act as a Point-to-Point layer 2 protocol (PPPoE) client^ 

wherein and having an Extensible Authentieation Protoeol is carried on top of this-a 
Point-to-Point layer 2 protocol , and 

wherein the wireless terminal is configured to receive an IP address after successfully 
carrying out the challenge-response authentieation proeedure. the IP address being usable to gain 
IP connectivity . 

25. (CURRENTLY AMENDED) A telecommunication system comprising! 

a wireless local area network that includes 

at least one Access Point, 
a public land mobile network,-and 

at least one T e rminal Equipm e nt w ireless terminal p rovided with a SIM card and 

adapted for reading subscriber data thereof, and 
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characterized in that it further comprises the Access Controller in claim 15 for 
allowing SIM-based subscriber authentication to users of the wireless local area network 
who are subscribers of the public land mobile network. 
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